package lumis.portal.page.acl;

import lumis.portal.*;
import lumis.portal.page.*;
import lumis.portal.dao.*;
import lumis.portal.manager.*;
import lumis.portal.authentication.SessionConfig;
import lumis.portal.channel.acl.ChannelPermissions;
import lumis.util.*;
import lumis.util.security.acl.*;

/**
 * Manager for Page's Acl operations
 *
 * @version $Revision: 7037 $ $Date: 2007-05-25 22:53:02 -0300 (Fri, 25 May 2007) $
 * @since 4.0.0
 */
public class PageAclManager extends AclManager implements IPageAclManager
{
	public String add(SessionConfig sessionConfig, PageConfig pageConfig, ITransaction transaction) throws ManagerException, PortalException
	{
		// check permission
		if (!ManagerFactory.getChannelAclManager().checkPermission(sessionConfig, pageConfig.getChannelId(), ChannelPermissions.MANAGE_PAGE_SECURITY, transaction))
			throw new AccessDeniedException();

		// create new acl
		AccessControlList parentAcl = ManagerFactory.getChannelAclManager().get(sessionConfig, pageConfig.getChannelId(), transaction);
		String aclId = super.add(parentAcl, PagePermissions.getInheritPermissionsMap(), PagePermissions.getImplies(), transaction);

		pageConfig.setAccessControlListId(aclId);
		
		return aclId;
	}

	public AccessControlList get(SessionConfig sessionConfig, String pageId, ITransaction transaction) throws ManagerException, PortalException
	{
		return getAclInternal(sessionConfig, pageId, transaction);
	}

	public void update(SessionConfig sessionConfig, String pageId, AccessControlList acl, ITransaction transaction) throws ManagerException, PortalException
	{
		if (!checkPermission(sessionConfig, pageId, PagePermissions.MANAGE_PAGE_SECURITY, transaction))
			throw new AccessDeniedException();

		PageConfig pageConfig = ManagerFactory.getPageManager().get(sessionConfig, pageId, transaction);
		String pageAcl = pageConfig.getAccessControlListId();
		if(!pageAcl.equals(acl.getId()))
			throw new PortalException("STR_INVALID_ACCESS_CONTROL_LIST");

		// force implied permissions
		acl.setImpliedPermissions(PagePermissions.getImplies());

		super.update(acl, transaction);
	}

	protected AccessControlList getAclInternal(SessionConfig sessionConfig, String pageId, ITransaction transaction) throws ManagerException, PortalException
	{
		PageConfig pageConfig = ManagerFactory.getPageManager().get(sessionConfig, pageId, transaction);

		AccessControlList acl = aclCache.get(pageConfig.getAccessControlListId());
		if (acl == null)
		{
			acl = DaoFactory.getAccessControlDao().get(pageConfig.getAccessControlListId(), transaction);

			if(acl.isInheriting())
			{
				AccessControlList parentChannelAcl = ManagerFactory.getChannelAclManager().get(sessionConfig, pageConfig.getChannelId(), transaction);
				acl.inherit(parentChannelAcl, PagePermissions.getInheritPermissionsMap());
			}
			
			acl.setImpliedPermissions(PagePermissions.getImplies());

			aclCache.put(acl.getId(), acl);
		}
		
		return acl;
	}

	protected int getRequiredPermissions() throws PortalException
	{
		return PagePermissions.getRequiredPermissions();
	}
	
	public void checkRequiredPermissions(AccessControlList acl) throws PortalException
	{
		super.checkRequiredPermissionsInternal(acl);
	}
}
